By Role and Responsibility

By Business Size

Don’t Throw Your Reputation in the Waste Bin

In This Issue:

Don’t throw your reputation in the waste bin.

Have you really pondered the impact of a security breach? It can lead to regulatory fines, identity theft and fraud, unhappy clients or employees, negative media attention and expensive lawsuits. Additionally, your organisation’s intellectual property and commercial secrets could be leaked to your competitors. As you can see, the damage of compromised security can be significant, and potentially devastating, to any organisation’s reputation and brand.

1. Reputation: Your most valuable and fragile business asset

In recent uncertain economic times, the pressures to cut costs have been immense. It is important, however, not to lose sight of your organisation’s long-term goals and most valuable business assets. Reputation is one of those assets — powerful, yet intangible and fragile, it serves as the hallmark of your company, attracting resources and business and supporting long-term profitability.

In an ever more connected world where users’ experience of products and services — both positive and negative — can be shared more widely, quicker and with more people than ever before, the value of a good reputation (and, conversely, the damage caused by a bad one) is surely only going to increase. If your products and services are meeting your customer’s needs, reputation is the engine that will continue to drive growth, increase profits and help you beat the competition.

Reputation is defined by more than your company’s services and products. Vincent De Palma, President and CEO at Shred-it says, “Leading companies understand that serving their clients also means protecting them, particularly from any harm caused through these companies’ own actions.” De Palma continues, “In this digital age, one of the most important individual rights is the right to privacy, which is closely related to the security of our personal information. New and existing laws and regulations recognise and protect these rights, and so should all businesses and organisations, large or small. Furthermore, this protection should extend beyond your clients to your business partners, employees and all stakeholders.”

The protection of this sensitive information is critical to an organisation’s ability to conduct business with various stakeholders. If your clients or partners have concerns about the security of their financial or personal information while it’s in your care, they may take their business elsewhere. This loss of business is almost a certainty if the security of their personal information has been compromised while in your custody. Conversely, an untarnished reputation will give your customers, employees and partners the level of comfort they need to count on you as a trusted partner.

To further quantify the cost of a data breach, it has been estimated that security breaches in the UK cost over £2.2 million per incident — that’s according to the 2014 Cost of Data Breach Study for the UK conducted by the Ponemon Institute.1 What’s more, lost business costs — including abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill — account for £950,000 of that total. Given these far-reaching consequences and ever-increasing expenses, you’re likely to be asking yourself, “How can I protect my company and its brand integrity from a security breach?” We’ll tackle this question next as we move through this newsletter.

2. The risks to your company’s reputation

What factors jeopardise your organisation’s reputation? You’d be surprised at the daily tasks and potential risks associated with everyday work activities that can place your confidential information, and your company, at risk:

Electronic breaches receive the bulk of media coverage, yet “low-tech” security breaches involving paper documents account for a significant proportion of incidents deemed serious enough for the Information Commissioner’s Office (ICO) to impose a monetary penalty on the organisation at fault. These breaches included sensitive documents: being left in filing cabinets that were then sold to the general public; left behind after premises were vacated; left on a train; ending up in a supermarket car park recycling bin; and faxes being sent to the wrong recipients.2

The most common threats occur when documents containing confidential information are recycled or thrown away without being destroyed. Small and medium-sized businesses are especially vulnerable to such risks. Due to their size and their focus on growth, they may not have formal information security policies and procedures in place. According to Shred-it’s 2014 Information Security Tracker survey only just over half (54 per cent) of SMEs said they had a protocol that was strictly adhered to by all employees.3

Companies of any size should realise that taking risks with the security of their customer and business information could lead to potential repercussions such as: litigation costs, fines, negative media attention and reputation damage. A secure document destruction process allows organisations to not only invest in their security and reputation, but also in long-term productivity.

The damage that a security breach can do to your organisation’s reputation can be expensive, long-lasting and even catastrophic. Our focus now turns to prevention and steps you can take to reduce your security risk:

Adopt a “shred all” policy. A simple and effective way to improve your information security is to shred all documents, regardless of content.

Shred before recycling. Shred confidential documents before recycling — don’t let them sit unattended in recycling bins or be intercepted in transit once they leave your office.